Bladchan

**Name of the Vulnerable Software and Affected Versions** LIEF versions prior to 0.12.3 **Description** A heap buffer overflow in the `parse dyldinfo generic bind` function of LIEF's `BinaryParser` allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. **Recommendations** For versions prior to 0.12.3, update to version 0.12.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `parse dyldinfo generic bind` function until a patch is available. Avoid processing untrusted or crafted MachO files with the affected LIEF versions.

**Name of the Vulnerable Software and Affected Versions** LIEF version 0.12.1 **Description** A vulnerability in the LIEF::MachO::BinaryParser::init and parse function allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. **Recommendations** For LIEF version 0.12.1, update to a version that includes the fix committed at fde2c48986739fabd2cf9b40b9af149a89c57850 to resolve the issue. As a temporary workaround, consider avoiding the use of the `init and parse` function in the `LIEF::MachO::BinaryParser` until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** LIEF version 0.12.1 **Description** A vulnerability in the LIEF::MachO::SegmentCommand::virtual address function allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. **Recommendations** For LIEF version 0.12.1, update to a version that includes the fix available at commit number 24935f654f6df700a9a062298258b9485f584502. As a temporary workaround, consider avoiding the use of the `LIEF::MachO::SegmentCommand::virtual address` function until a patch is applied.